AD Sync Issue due to admin role

Mansions IT 21 Reputation points
2022-09-29T15:59:18.957+00:00

We had some Sync errors due to the fact that 2 of us in local AD had global admin in Azure. We removed the roles and created separate admin accounts in Azure with a different name. We also deleted the accounts that got created when the sync was trying to complete. After removing the roles and those extra accounts, the problem persists. The other accounts that are getting created are accounts of the same name, but with some numeric suffix. For example, Joe@mydomain.com is in local AD and Azure. In Azure Joe is a global admin. AD Sync creates a user Joe5423@mydomain.com. So, we delete this account Joe5423.com and clear it from recycle bin. Joe@mydomain.com has had all but GlobalReader role removed. I'm not sure if that needs to go as well. The article I followed spoke to the Global Admin Role. Are there other steps missing that I need to do to clean this up and get the accounts synced back up?

Microsoft Entra ID

Accepted answer
  1. JimmySalian-2011 41,916 Reputation points
    2022-09-29T16:49:48.183+00:00

    Hi,

    I had exactly the same issue last week and I followed the steps below:

    To resolve this issue:

    1. Remove the Azure AD account (owner) from all admin roles.
    2. Hard delete the quarantined object in the cloud. This is your duplicate account in Azure Adminxxxx.domain.com
    3. Do a delta sync.
    4. The next sync cycle will take care of soft-matching the on-premises user to the cloud account because the cloud user is now no longer a global admin.
    5. Restore the role memberships for the owner.

    Wait for a few hours or at least 12 hours to get it corrected in Azure.

    It is not straight away as far as I have noticed.

    Hope this helps.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
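
The steps in the accepted answer, written out as an added PowerShell example that is not part of the original thread. It assumes the Microsoft Graph PowerShell SDK and a session signed in as a separate cloud-only admin, and it handles direct role assignments only; `$Upn`, `$BackupFile` and `Restore-RoleAssignments` are constructed names for illustration.

```powershell
# Added example, not from the thread. $Upn and $BackupFile are constructed sample values.
$Upn        = 'Joe@mydomain.com'
$BackupFile = '.\role-assignments-backup.json'

Connect-MgGraph -Scopes 'User.ReadWrite.All','RoleManagement.ReadWrite.Directory'
# Guard: never strip roles from the account this session is signed in with.
if ((Get-MgContext).Account -eq $Upn) { throw "Sign in as a separate cloud-only admin, not $Upn." }
$user = Get-MgUser -UserId $Upn

# Step 1: save, then remove, every direct directory role assignment of the synced account.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All
$export = @($assignments | Select-Object PrincipalId, RoleDefinitionId, DirectoryScopeId)
ConvertTo-Json -InputObject $export | Set-Content -Path $BackupFile
foreach ($a in $assignments) {
    Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $a.Id
}

# Step 2: find duplicates named <prefix><digits>@<domain> and hard delete them.
$prefix, $domain = $Upn -split '@'
$pattern = '^{0}\d+@{1}$' -f [regex]::Escape($prefix), [regex]::Escape($domain)
$dupes = Get-MgUser -Filter "startswith(userPrincipalName,'$prefix')" -All |
    Where-Object { $_.UserPrincipalName -match $pattern }
foreach ($d in $dupes) {
    Write-Host "Hard deleting $($d.UserPrincipalName)"
    Remove-MgUser -UserId $d.Id                             # soft delete
    Remove-MgDirectoryDeletedItem -DirectoryObjectId $d.Id  # purge from the recycle bin
}

# Step 3, on the Azure AD Connect server:
#   Start-ADSyncSyncCycle -PolicyType Delta

# Step 5: once the sync has soft-matched the account, restore the saved assignments.
function Restore-RoleAssignments {
    param([string]$Path = $BackupFile)
    $saved = Get-Content -Path $Path -Raw | ConvertFrom-Json
    foreach ($r in $saved) {
        New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $r.PrincipalId `
            -RoleDefinitionId $r.RoleDefinitionId -DirectoryScopeId $r.DirectoryScopeId
    }
}
```

Call `Restore-RoleAssignments` only after the duplicate has stopped reappearing and the on-premises user shows as synced; the backup file keeps the exact role set so nothing broader than the original assignments is granted back.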

